V Sainath knew something was wrong when he was served an astronomical bill for calls and messages that he had never made or sent. His phonebook entries had vanished and the standby screen showed him a picture of skull instead of his usual wallpaper.
What Sainath did not realise that his mobile was reeling under a 'viral attack'. How did it happen? Through an anonymous file that he had received a few days back via his Bluetooth network. The file containing the virus had self-executed, thereby corrupting his data.
This might sound like a sci-fi flick to you today but if you carry a Bluetooth-enabled smartphone or a personal digital assistant, you are susceptible to similar attacks. IT pundits who have predicted wireless technologies as the flavour of 2006, have also warned about wireless security that lurks just round the corner.
And for the 75-odd million mobile phone subscribers in India, the situation might just get serious with time. This is how Gokul Janga, general manager, Aventail India puts it, "Wireless connectivity coupled with execution of downloaded content is a lethal combination that lends itself to attacks."
Janga believes most of the feature-rich smart phones have proved themselves to be nearly as dumb as personal computers when it comes to fending off security headaches.
While malicious code capable of freezing phones or erasing data altogether is fairly commonplace when it comes to personal computers, code that can capture authentication keys in mobiles is still a rare incidence.
"But the reason for that is not the lack of expertise on the part of the attackers. It is more to do with the fact that mobile-based financial transactions are still not popular in India," reasons Capt Raghu Raman, CEO of Mahindra Special Services Group. He predicts that the panic button would be hit once it reaches a 'critical mass number'.
"If today hackers can scoop up calendars, contact lists, and other sensitive information, or turn a mobile phone into a bugging device to secretly listen to conversations, the situation would only worsen tomorrow. Raman foresees birth of "mobile viruses that will crawl from handset to handset and disable the phones completely".
Common mobile viruses such as Cabir and Commwarrior that spread via the Bluetooth have been the most talked-about mobile viruses. Bulk of the smartphones sport one of the two major operating systems - Symbian (that commands a market share of 80.5 per cent) or Microsoft Windows Mobile (with 9.7 per cent market share).
Common mobile viruses
Cabir: Infects mobile phones running on Symbian OS. When a phone is infected, the message 'Caribe' is displayed on the phone's display and is displayed every time the phone is turned on. The worm then attempts to spread to other phones in the area using wireless Bluetooth signals
Duts: A parasitic file infector virus and is the first known virus for the PocketPC platform. It attempts to infect all EXE files in the current directory (infects files that are bigger than 4096 bytes)
Skulls: A trojan horse piece of code. Once downloaded, the virus, called Skulls, replaces all phone desktop icons with images of a skull. It also renders all phone applications, including SMSes and MMSes useless
Comwar: First worm to use MMS messages in order to spread to other devices. Can spread through Bluetooth too. It infects devices running under OS Symbian Series 60. The executable worm file once launched hunts for accessible Bluetooth devices and sends the infected files under a random name to various devices.
The popular Symbian OS is used by variety of handset manufacturers including Nokia, Motorola, Panasonic, Siemens and Samsung - has been the target for many proof-of-concept viruses to date, primarily because of its popularity.
Security experts believe that the phone bugs will eventually become as big a nuisance as Windows viruses. Is there any respite in offing? "Nothing which can be marketed as fool proof seems to be on the cards," adds Sascha Beyer, vice president, Asia Pacific and Africa, Pointsec Mobile Technologies.
He agrees that PDAs or other mobile devices need firewall protection as well as the data encryption options so as to avoid any loss of information in case of an attack or loss of device. K K Kaushik, national head (Networking Solutions), Team Computers says, "As of now, however, Symbian devices will be the target for the miscreants."
Mobile device users have given rise to a market for third-party applications (such as games and other mobile applications) and with it opened up opportunities for malicious use through web downloads too.
Issuing patches to correct a security loophole on a PC is much easier than on a handset, feel experts. "The problem lies in updating the anti-virus software on handsets recurrently," reckons Beyer.
The situation is bad but not alarming assures Niraj Kaushik, CEO of Trend Micro - leading anti-virus vendor. He says, "We must keep in mind that only a fraction of the million phones in use are sophisticated enough to be at risk." The addition of web browsing increases susceptibility of web based infections through downloads of infected applications.
According to estimates from Canalys, a marketing consulting firm, the small mobile device mobile market has exceeded 75 per cent in Q3 2005 as compared to Q3 2004 (globally).
"In addition, IDC expects the mobile worker population from 650 million in 2004 to 850 million in 2009. Such an increase in mobile workers will drive the demand for security services," forecasts a study by Trend Micro.
If 3G phones are here to stay, so are the viruses and malware. With every new addition, mobile devices will improve productivity levels and also bare themselves to virus infections. The only way out, as per the general consensus, seems to proactively implement on-device security measures that include data encryption and anti-virus software applications.
The most obvious reason, feel security experts, why mobile viruses won't become an issue for sometime is the wide array of phone models, network technologies and embedded operating systems. In short, we have still have choice but the clock is ticking.
What to do?
- Be careful when accepting files via Bluetooth
- If you do infect your mobile, turn off the Bluetooth functions so that malware does not find new targets
- Delete messages from unknown senders
- Do not install programmes if you are unsure of their origin
- Download ringtones and games from official websites
- Delete the infected application programmes and re-install them
More from rediff